Exams > Cisco > 300-715: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)
300-715: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)
Page 1 out of 19 pages Questions 1-10 out of 184 questions
Question#1

Which personas can a Cisco ISE node assume?

  • A. policy service, gatekeeping, and monitoring
  • B. administration, monitoring, and gatekeeping
  • C. administration, policy service, and monitoring
  • D. administration, policy service, gatekeeping
Discover Answer Hide Answer

C
Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

Question#2

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

  • A. The secondary node restarts.
  • B. The primary node restarts.
  • C. Both nodes restart.
  • D. The primary node becomes standalone.
Discover Answer Hide Answer

C

Question#3

DRAG DROP -
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.
Select and Place:

Discover Answer Hide Answer


Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

Question#4

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

  • A. new AD user 802.1X authentication
  • B. hotspot
  • C. posture
  • D. guest AUP
  • E. BYOD
Discover Answer Hide Answer

BD

Question#5

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

  • A. Cisco Secure Services Client and Cisco Access Control Server
  • B. Cisco AnyConnect NAM and Cisco Identity Service Engine
  • C. Cisco AnyConnect NAM and Cisco Access Control Server
  • D. Windows Native Supplicant and Cisco Identity Service Engine
Discover Answer Hide Answer

B
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

Question#6

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.
Which EAP type must be configured by the network administrator to complete this task?

  • A. EAP-TTLS
  • B. EAP-TLS
  • C. EAP-FAST
  • D. EAP-PEAP-MSCHAPv2
Discover Answer Hide Answer

B
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html

Question#7

An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide.
What must be configured to accomplish this task?

  • A. dynamic access list within the authorization profile
  • B. extended access-list on the switch for the client
  • C. security group tag within the authorization policy
  • D. port security on the switch based on the client's information
Discover Answer Hide Answer

C

Question#8


Refer to the exhibit.
In which scenario does this switch configuration apply?

  • A. when allowing a hub with multiple clients connected
  • B. when allowing multiple IP phones to be connected
  • C. when preventing users with hypervisor
  • D. when bypassing IP phone authentication
Discover Answer Hide Answer

A
Reference;
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/5700/sec-user-8021x-xe-3se-5700-book/sec-ieee-802x-multi- auth.html

Question#9


Refer to the exhibit.
Which switch configuration change will allow only one voice and one data endpoint on each port?

  • A. auto to manual
  • B. mab to dot1x
  • C. multi-auth to multi-domain
  • D. multi-auth to single-auth
Discover Answer Hide Answer

C
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/ configuring_ieee_802_1x_port_based_authentication.html

Question#10

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.
Which command should the engineer run on the interface to accomplish this goal?

  • A. authentication host-mode multi-domain
  • B. authentication host-mode single-host
  • C. authentication host-mode multi-auth
  • D. authentication host-mode multi-host
Discover Answer Hide Answer

A
Reference:
https://www.pearsonitcertification.com/articles/article.aspx?p=1762597

chevron rightPrevious Nextchevron right